{"id":7489,"date":"2023-01-18T15:49:06","date_gmt":"2023-01-18T06:49:06","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=7489"},"modified":"2023-01-19T08:44:46","modified_gmt":"2023-01-18T23:44:46","slug":"kubernetes-private-docker-repository-with-pv-%ec%84%a4%ec%b9%98","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=7489","title":{"rendered":"Kubernetes \u2013 Private Docker Repository with PV \uc124\uce58"},"content":{"rendered":"

Kubernetes \u2013 Private Docker Repository with PV \uc124\uce58<\/h1>\n

Private Docker Repository \ub97c \uc124\uce58\ud558\ub294 \ubc29\ubc95\uc744 \uc124\uba85\ud569\ub2c8\ub2e4.<\/p>\n

\uc77c\ubc18 \ub3c4\uba54\uc778 \uc8fc\uc18c\uc640 https \uc778\uc99d\uc11c\ub97c \uc774\uc6a9\ud574 \uc124\uc815\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n

sudo systemctl restart docker\nsudo systemctl restart containerd<\/code><\/pre>\n
Namespace<\/h2>\n
vi repository-namespace.yaml\n---------------------------\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: repository\n---------------------------<\/code><\/pre>\n
PersistentVolume<\/h2>\n
\uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud558\uc5ec PV \ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
vi local-storage-class.yaml\n---------------------------\nkind: StorageClass\napiVersion: storage.k8s.io\/v1\nmetadata:\n  name: local-storage\nprovisioner: kubernetes.io\/no-provisioner\nvolumeBindingMode: WaitForFirstConsumer\n---------------------------<\/code><\/pre>\n
vi repository-pv.yaml\n---------------------------\napiVersion: v1\nkind: PersistentVolume\nmetadata:\n  name: repository-pv-0\n  namespace: repository\nspec:\n  capacity:\n    storage: 100Gi\n  accessModes:\n  - ReadWriteOnce\n  claimRef:\n    name: claim-docker-repository-0\n    namespace: repository\n  persistentVolumeReclaimPolicy: Retain\n  storageClassName: local-storage\n  local:\n    path: \/DATA\/repository          # \ud638\uc2a4\ud2b8 \ud3f4\ub354\uacbd\ub85c\n  nodeAffinity:\n    required:\n      nodeSelectorTerms:\n      - matchExpressions:\n        - key: kubernetes.io\/hostname\n          operator: In\n          values:\n          - es-search02\n---------------------------<\/code><\/pre>\n
StatefulSet<\/h2>\n
\uc77c\ubc18 \ub3c4\uba54\uc778 \uc8fc\uc18c\uc640 https \uc778\uc99d\uc11c\ub97c \uc774\uc6a9\ud574 \uc124\uc815\ud574\uc57c \ud569\ub2c8\ub2e4.
\n\uc544\ub2c8\uba74 \uad00\ub9ac\uc0c1 \ub9e4\uc6b0 \ubd88\ud3b8\ud574\uc9d1\ub2c8\ub2e4.<\/p>\n
vi repository-sts.yaml\n---------------------------\napiVersion: apps\/v1\nkind: StatefulSet\nmetadata:\n  name: docker-repository\n  namespace: repository\nspec:\n  serviceName: repository\n  replicas: 1\n  selector:\n    matchLabels:\n      app: docker-repository\n  template:\n    metadata:\n      labels:\n        app: docker-repository\n    spec:\n      containers:\n      - name: docker-repository\n        image: registry:2.7.1\n        ports:\n          - name: http-port\n            containerPort: 5000\n        env:\n        - name: REGISTRY_HTTP_ADDR\n          value: 0.0.0.0:5000\n        - name: REGISTRY_HTTP_TLS_CERTIFICATE\n          value: \/ssl\/repository.crt\n        - name: REGISTRY_HTTP_TLS_KEY\n          value: \/ssl\/repository.key\n        volumeMounts:\n        - name: private-rootca-crt\n          mountPath: \/etc\/ssl\/certs\/repository.pem\n          subPath: rootCA.crt\n          readOnly: true\n        - name: repository-pemstore\n          mountPath: \/ssl\/\n          readOnly: true\n        - name: claim\n          mountPath: \/var\/lib\/registry\n      volumes:\n      - name: private-rootca-crt\n        configMap:\n          name: private-rootca.crt\n      - name: repository-pemstore\n        configMap:\n          name: repository-pemstore\n  volumeClaimTemplates:\n  - metadata:\n      name: claim\n      namespace: repository\n    spec:\n      accessModes: [ "ReadWriteOnce" ]\n      storageClassName: local-storage\n      resources:\n        requests:\n          storage: 100Gi\n---------------------------<\/code><\/pre>\n
Service<\/h2>\n
cat repository-svc.yaml\n---------------------------\napiVersion: v1\nkind: Service\nmetadata:\n  name: docker-repository\n  namespace: repository\nspec:\n  type: ClusterIP\n  ports:\n    - name: https\n      port: 443\n      targetPort: 5000\n  selector:\n    app: docker-repository\n---------------------------<\/code><\/pre>\n
\ud074\ub77c\uc774\uc5b8\ud2b8 \uc124\uc815 (build, push)<\/h2>\n
\uc0d8\ud50c\uc740 Jenkins \uc544\uc774\ud15c\uc785\ub2c8\ub2e4.
\n\uc544\ub798 \uc0d8\ud50c\uc5d0\uc11c\ub294 \uc11c\ube44\uc2a4 \ub3c4\uba54\uc778\uc744 \uc774\uc6a9\ud574 \ube4c\ub4dc\ud558\uace0 \uc788\uc9c0\ub9cc,
\n\uc77c\ubc18 \ub3c4\uba54\uc778\uacfc HTTPS \uc778\uc99d\uc11c\ub97c \uc774\uc6a9\ud574 \uc811\uc18d\ud574\uc57c \ubcc4\ub3c4\uc124\uc815\uc5c6\uc774 \uc811\uadfc\uc774 \uac00\ub2a5\ud569\ub2c8\ub2e4.<\/p>\n
pipeline {\n    agent {\n        kubernetes {\n            defaultContainer 'jnlp'\n            yaml """\nspec:\n  # dnsPolicy: Default       # \uc774\uac8c \uc65c \ud544\uc694\ud560\uae4c?\n  containers:\n    - name: docker\n      image: docker:20.10.22\n      command:\n        - cat\n      tty: true\n      # privileged: true\n      volumeMounts:\n      - name: dockersock\n        mountPath: \/var\/run\/docker.sock\n  volumes:\n  - name: dockersock\n    hostPath:\n      path: \/var\/run\/docker.sock\n"""\n        }\n    }\n\n    stages {\n        stage("Get Source") {\n            steps {\n                    writeFile file: 'Dockerfile', text: """\nFROM docker.elastic.co\/elasticsearch\/elasticsearch:7.17.8\n\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch https:\/\/github.com\/skyer9\/elasticsearch-jaso-analyzer\/releases\/download\/7.17.8\/jaso-analyzer-plugin-7.17.8-plugin.zip\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch analysis-icu\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch analysis-nori\n                    """\n            }\n        }\n\n        stage('Docker Build') {\n            steps {\n                container('docker') {\n                    sh "docker build -t docker-repository.repository.svc.cluster.local\/search-engine\/elasticsearch:7.17.8.${build_number} ."\n                    sh "docker push docker-repository.repository.svc.cluster.local\/search-engine\/elasticsearch:7.17.8.${build_number}"\n                }\n            }\n        }\n    }\n}<\/code><\/pre>\n
\ud074\ub77c\uc774\uc5b8\ud2b8 \uc124\uc815 (pull, run)<\/h2>\n
\uc544\ub798 \uc124\uc815\uc73c\ub85c Private Repo \uc5d0\uc11c \uc774\ubbf8\uc9c0\ub97c \ubc1b\uc544\uc640 \uc2e4\ud589\uc2dc\ud0b5\ub2c8\ub2e4.<\/p>\n
      containers:\n        - name: elasticsearch-master\n          image: docker-repository.repository.svc.cluster.local\/search-engine\/elasticsearch:7.17.8.60\n          env:\n            - name: CLUSTER_NAME\n              value: elasticsearch-cluster\n            - name: NODE_LIST\n              value: "elasticsearch-discovery"\n            - name: "ES_JAVA_OPTS"\n              value: "-Xms300m -Xmx300m"\n            - name: NODE_MASTER\n              value: "true"<\/code><\/pre>\n
\uc0ac\uc124 \ub3c4\uba54\uc778\/\uc778\uc99d\uc11c\ub97c \uc4f0\ub824\uba74?<\/h2>\n